Minimally invasive software

Posted on June 23, 2023June 25, 2023 by omarmetwally

How to interact with an Ethereum contract

By: Omar Nabil Metwally, MD

24 June 2024

Objective: To interact with an Ethereum application (“smart contract”)

Background: The German Federal Intelligence Service, die Bundesnachrichtendienst (BND), announced on 5 June 2023 a digital scavenger hunt to collect “Dogs of BND” themed NFTs (“Hunde der BND”, https://www.bnd.bund.de/DE/Karriere/SozialeMedien/Gewinnspiele/blockchain-challenge/teilnahmebedingungen-blockchain-challenge-node.html).

The only hints provided toward solving the puzzle are the following 40-character hexademical sequence and the knowledge that it is an Ethereum address: 0x6E02ffa16171ac74dC1688480A1F703C23994f3D

Environment:

This write-up assumes working knowledge of the Ethereum client written in the Go programming language (“Go” Ethereum client, aka “geth”, https://github.com/ethereum/go-ethereum), a fully synced node, and use of the clef command line utility (https://geth.ethereum.org/docs/tools/clef/introduction) to sign transactions and data.

Rationale:

The Ethereum ecosystem continues to evolve rapidly. Note that web3 methods based on the deprecated “personal” namespace resulted in potentially breaking changes for code used to interact with Ethereum contracts. The proper way to handle account locking and unlocking in the context of broadcasting transactions is to now use clef.

Start geth and clef as follows:

./clef –keystore /path/to/your/keystore/ –ipcpath=/your/path/to/clef/ipc –signersecret /your/clef/signer/secret

./geth –syncmode snap –datadir=/your/datadir/path –signer=/your/path/to/clef/ipc console

Task #1: Query 0x6E02ffa16171ac74dC1688480A1F703C23994f3D

The above hexademical sequence appears to be an Ethereum address, based on the knowledge that Ethereum addresses are 40-character hexademical sequences preceded by 0x.

This can be verified using geth:

eth.getBalance(“0x6E02ffa16171ac74dC1688480A1F703C23994f3D”)

This yields a balance of 316649482296000 wei, or 0.000316649482296 Ether.

Call this address [ORIGIN]. Looking up this address on etherscan.io (https://etherscan.io/address/0x6E02ffa16171ac74dC1688480A1F703C23994f3D) reveals that [ORIGIN] is directly associated with two transactions.

Transaction 1 on block 17393444 entails a transfer of 0.04879799 ETH from [ORIGIN] to 0x2B127A04c4DA063dB1E75BAC1b007D5C0661570a. Call this recipient [RECIPIENT 1]. The transaction hash for transaction 1 is 0x30daf5adac61330817ba48bdcc093df402b992f7112898c88d83f025d3c2dd6d

Transaction 2 on block 17393441 entails a transfer of 0.05 ETH from 0x12CF21eE48426b0E8f9bE4704C38aAba6E9ab988 to [ORIGIN]. Call this sender [SENDER 1]. The transaction hash for transaction 2 is 0xa61b9a442c9a6836390d422c81597608a63bef0c6d71dc220793521edb188f80.

[RECIPIENT 1] created a contract at 0xb47c23d001c0c9f5c1a158a93b6df6004b6012f7 (transaction hash 0xd5b3d8b57316fecdfb958815e1c0d3079a5c5826e99c924c87cf11014b1b31d7 on block 17413916. Call this [CONTRACT 1], and call this transaction [TRANSACTION_CONTRACT_1_CREATE].

32 transactions have been sent to [CONTRACT 1] at the time of writing, the first of which constructed the contract, and the rest invoked a method called “updateMessage”. Each transaction can be queried using the python web3 library.

Etherscan.io provides the contract source code and indicates that it is “verified.” It is marked with the following comments:

// Herzlichen Glückwunsch!

// Du hast diese versteckte Nachricht erfolgreich finden können!

// Damit hast du nun die Möglichkeit, dir als eine oder einer der Ersten ein

// exklusives Hunde-NFT aus unserer Collection zu sichern (nur solange der Vorrat reicht).

// Du findest die Collection unter diesem Link auf Opensea: opensea.io/collection/dogs-of-bnd

// (Bitte beachte die Teilnahme- und Datenschutzbedingungen unter bnd.de/nft).

Task #2: Verify contract source code

To verify the bytecode of the provided source code and verify its authenticity, compile the provided source code and compare the resulting bytecode with the bytecode at the corresponding address, [CONTRACT 1], on Ethereum mainnet.

The easiest way to compile the source code is using the Remix compiler at https://remix.ethereum.org. Doing so yields the following ABI and bytecode:

abi: [ { “inputs”: [ { “internalType”: “string”, “name”: “_message”, “type”: “string” } ], “stateMutability”: “nonpayable”, “type”: “constructor” }, { “inputs”: [ { “internalType”: “string”, “name”: “_newMessage”, “type”: “string” } ], “name”: “updateMessage”, “outputs”: [], “stateMutability”: “nonpayable”, “type”: “function” }, { “inputs”: [], “name”: “message”, “outputs”: [ { “internalType”: “string”, “name”: “”, “type”: “string” } ], “stateMutability”: “view”, “type”: “function” } ]

bytecode: 60806040523480156200001157600080fd5b5060405162000bee38038062000bee8339818101604052810190620000379190620001e3565b80600090816200004891906200047f565b505062000566565b6000604051905090565b600080fd5b600080fd5b600080fd5b600080fd5b6000601f19601f8301169050919050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b620000b9826200006e565b810181811067ffffffffffffffff82111715620000db57620000da6200007f565b5b80604052505050565b6000620000f062000050565b9050620000fe8282620000ae565b919050565b600067ffffffffffffffff8211156200012157620001206200007f565b5b6200012c826200006e565b9050602081019050919050565b60005b83811015620001595780820151818401526020810190506200013c565b60008484015250505050565b60006200017c620001768462000103565b620000e4565b9050828152602081018484840111156200019b576200019a62000069565b5b620001a884828562000139565b509392505050565b600082601f830112620001c857620001c762000064565b5b8151620001da84826020860162000165565b91505092915050565b600060208284031215620001fc57620001fb6200005a565b5b600082015167ffffffffffffffff8111156200021d576200021c6200005f565b5b6200022b84828501620001b0565b91505092915050565b600081519050919050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052602260045260246000fd5b600060028204905060018216806200028757607f821691505b6020821081036200029d576200029c6200023f565b5b50919050565b60008190508160005260206000209050919050565b60006020601f8301049050919050565b600082821b905092915050565b600060088302620003077fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff82620002c8565b620003138683620002c8565b95508019841693508086168417925050509392505050565b6000819050919050565b6000819050919050565b6000620003606200035a62000354846200032b565b62000335565b6200032b565b9050919050565b6000819050919050565b6200037c836200033f565b620003946200038b8262000367565b848454620002d5565b825550505050565b600090565b620003ab6200039c565b620003b881848462000371565b505050565b5b81811015620003e057620003d4600082620003a1565b600181019050620003be565b5050565b601f8211156200042f57620003f981620002a3565b6200040484620002b8565b8101602085101562000414578190505b6200042c6200042385620002b8565b830182620003bd565b50505b505050565b600082821c905092915050565b6000620004546000198460080262000434565b1980831691505092915050565b60006200046f838362000441565b9150826002028217905092915050565b6200048a8262000234565b67ffffffffffffffff811115620004a657620004a56200007f565b5b620004b282546200026e565b620004bf828285620003e4565b600060209050601f831160018114620004f75760008415620004e2578287015190505b620004ee858262000461565b8655506200055e565b601f1984166200050786620002a3565b60005b8281101562000531578489015182556001820191506020850194506020810190506200050a565b868310156200055157848901516200054d601f89168262000441565b8355505b6001600288020188555050505b505050505050565b61067880620005766000396000f3fe608060405234801561001057600080fd5b50600436106100365760003560e01c80631923be241461003b578063e21f37ce14610057575b600080fd5b61005560048036038101906100509190610270565b610075565b005b61005f610088565b60405161006c9190610338565b60405180910390f35b80600090816100849190610570565b5050565b6000805461009590610389565b80601f01602080910402602001604051908101604052809291908181526020018280546100c190610389565b801561010e5780601f106100e35761010080835404028352916020019161010e565b820191906000526020600020905b8154815290600101906020018083116100f157829003601f168201915b505050505081565b6000604051905090565b600080fd5b600080fd5b600080fd5b600080fd5b6000601f19601f8301169050919050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b61017d82610134565b810181811067ffffffffffffffff8211171561019c5761019b610145565b5b80604052505050565b60006101af610116565b90506101bb8282610174565b919050565b600067ffffffffffffffff8211156101db576101da610145565b5b6101e482610134565b9050602081019050919050565b82818337600083830152505050565b600061021361020e846101c0565b6101a5565b90508281526020810184848401111561022f5761022e61012f565b5b61023a8482856101f1565b509392505050565b600082601f8301126102575761025661012a565b5b8135610267848260208601610200565b91505092915050565b60006020828403121561028657610285610120565b5b600082013567ffffffffffffffff8111156102a4576102a3610125565b5b6102b084828501610242565b91505092915050565b600081519050919050565b600082825260208201905092915050565b60005b838110156102f35780820151818401526020810190506102d8565b60008484015250505050565b600061030a826102b9565b61031481856102c4565b93506103248185602086016102d5565b61032d81610134565b840191505092915050565b6000602082019050818103600083015261035281846102ff565b905092915050565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052602260045260246000fd5b600060028204905060018216806103a157607f821691505b6020821081036103b4576103b361035a565b5b50919050565b60008190508160005260206000209050919050565b60006020601f8301049050919050565b600082821b905092915050565b60006008830261041c7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff826103df565b61042686836103df565b95508019841693508086168417925050509392505050565b6000819050919050565b6000819050919050565b600061046d6104686104638461043e565b610448565b61043e565b9050919050565b6000819050919050565b61048783610452565b61049b61049382610474565b8484546103ec565b825550505050565b600090565b6104b06104a3565b6104bb81848461047e565b505050565b5b818110156104df576104d46000826104a8565b6001810190506104c1565b5050565b601f821115610524576104f5816103ba565b6104fe846103cf565b8101602085101561050d578190505b610521610519856103cf565b8301826104c0565b50505b505050565b600082821c905092915050565b600061054760001984600802610529565b1980831691505092915050565b60006105608383610536565b9150826002028217905092915050565b610579826102b9565b67ffffffffffffffff81111561059257610591610145565b5b61059c8254610389565b6105a78282856104e3565b600060209050601f8311600181146105da57600084156105c8578287015190505b6105d28582610554565b86555061063a565b601f1984166105e8866103ba565b60005b82811015610610578489015182556001820191506020850194506020810190506105eb565b8683101561062d5784890151610629601f891682610536565b8355505b6001600288020188555050505b50505050505056fea26469706673582212204326a68b08e2f4dc500c89e18af564f403f4aaab0887e352cdb0a6cabba9228e64736f6c63430008120033

Now query [TRANSACTION_CONTRACT_1_CREATE] with the following block of python code:

from web3 import Web3, HTTPProvider, IPCProvider

web3 = Web3(IPCProvider(‘/path/to/your/geth.ipc’))

# sanity check

web3.eth.block_number

# query first transaction

tx = web3.eth.get_transaction(“0xd5b3d8b57316fecdfb958815e1c0d3079a5c5826e99c924c87cf11014b1b31d7”)

# contract bytecode

tx.input

Note that tx.input is very similar, but not equal to, the bytecode from the allegedly verified source code we compiled using Remix. The difference is an appended 96-byte sequence trailing the compiled bytecode, with each byte in the bytecode represented by a pair of hexadecimal characters. 169 of these appended 192 characters are zeros.

Pythonically converting the non-zero bytes (7363687265696220756e73) to UTF-8 encoded string:

bytes.fromhex(‘7363687265696220756e73’).decode(‘utf-8’)

Yields ‘schreib uns’. (‘Screib uns” means “write [to] us” in German.

The “verified” contract source code appears to be authentic, and the appended bytes comprise the initial value of public variable “message” that was passed to the contract constructor when the contract was deployed.

Task #3: Interact with deployed contract

[CONTRACT 1] source code is simple and consists of public variable of type “string” called “message”, a constructor that accepts a string as an argument, and function “updateMessage” of scope “public” which accepts string-type argument.

So, let’s drop the Dogs of BND a line. To do so, save the contract abi and bytecode on your local machine. In this case, I saved them as “dogs_of_bnd_abi” and “dogs_of_bnd_bin”, respectively.

In Python shell:

abi_path = ‘/path/to/dogs_of_bnd_abi’

bin_path = ‘/path/to/dogs_of_bnd_bin’

bin_file = open(bin_path,’r’)

abi_file = open(abi_path,’r’)

bytecode = bin_file.read()

abi = abi_file.read()

# set your default Ethereum accounts

# note that transaction signing is handled via clef, per above

# when the command line appears to freeze, it’s probably because clef is waiting for [y/N] input

web3.eth.default_account = web3.eth.accounts[0]

bndContract = web3.eth.contract(address=”0xB47C23D001c0c9F5C1A158a93b6dF6004b6012f7″,abi=abi)

bndContract.functions.updateMessage(“Information is all.”).transact()

Posted on December 22, 2022December 23, 2022 by omarmetwally

Comments on the Digital Asset Anti-Money Laundering Act of 2022

The Honorable Elizabeth Warren
United States Senate
309 Hart Senate Office Building
Washington, DC 20510

December 22nd, 2022

Dear Senator Warren:

Senate Bill “Digital Asset Anti-Money Laundering Act of 2022” (DAAML) promulgates the regulation of various agents in the digital asset ecosystem toward the goal of preventing the use of distributed ledger (“blockchain”) technologies in money laundering, financing terrorism, and illegal drug trafficking [1]. Former CIA Director Michael Morell described blockchain analysis as a “highly effective crime fighting and intelligence gathering tool” and the Bitcoin ledger as an “underutilized forensic tool” (page 3, Morell et al) [2]. The report cited a currently serving official at the CFTC (Commodity Futures Trading Commission) who stated that it “is easier for law enforcement to trace illicit activity using Bitcoin than it is to trace cross-border illegal activity using traditional banking transactions, and far easier than cash transactions” (page 5, Morell et al) [2].

Bitcoin is an example of a distributed ledger technology that was designed and is primarily used for transferring value. However, numerous other distributed ledgers, most notably, the Ethereum blockchain, have their origins in decentralized computing. My analysis of the Ethereum blockchain demonstrated that 49.9% of all transactions entail transfer of funds*. The Ethereum blockchain, like many other distributed ledgers, is used for manifold purposes beyond simply transferring value, including voting, decentralized autonomous organization, litigation, intellectual property attribution, and proof of data authenticity, to name a few applications [3, 4, 5, 6].

Distributed ledger jargon suffers from misnomers that can easily confuse non-technical audiences who approach the subject from a financial perspective while ignoring blockchain’s numerous non-financial applications. For example, Ethereum applications have historically been referred to as “smart contracts”, although they generally have nothing to do with contracts in a legal sense. A “smart contract” is a misnomer for a software program that is stored and executed on a distributed computer known as “Ethereum”. Another example of jargon that is often misinterpreted by non-technical audiences is the term “transaction”.

Most non-technical readers interpret the word “transaction” in a financial sense, similar to a credit card transaction or a commercial interaction in which money is exchanged for a good or service. However, a “transaction” in the context of distributed ledger technology should be interpreted in the broader and more accurate technical sense of a state change. For instance, deleting a record, uploading a cryptographic hash, saving a string such as “Hello, World!”, or updating a database record on the Ethereum blockchain all constitute “transactions”. That is, a “transaction” results in a state change on the Ethereum computer and may or may not entail transfer of value from a sender to a recipient.

Section 3 of DAAML (“Digital Asset Rulemakings”) states: “The Financial Crimes Enforcement Network shall promulgate a rule classifying custodial and unhosted wallet providers, cryptocurrency miners, validators, or other nodes who may act to validate or secure third-party transactions, independent network participants, including MEV searchers, and other validators with control over network protocols as money service businesses.” Preventing money laundering and countering terrorism are obviously worthy goals. However, the measures proposed toward these noble goals are, in my view, misguided.

In proof-of-stake (PoS) blockchain networks such as Ethereum, validators are agents that run peer-to-peer software and use their own “staked” funds to cryptographically validate transactions. To rephrase this generally, validators run peer-to-peer client software that maintains the integrity of the network and keeps it online. Analogously, proof-of-work (PoW) blockchain networks such as Bitcoin (and previously, Ethereum, before a network upgrade that occurred on 15 September 2022 that changed Ethereum from a PoW to a PoS system) rely on miners to incorporate transactions into a distributed ledger.

Legislation that fails to distinguish between financial and non-financial uses of blockchain networks threatens not only the entire blockchain industry but also the very technologies that were developed to promote transparent, democratic, and censorship-resistant computing. Anyone with a modern computer and an internet connection can download an entire distributed ledger, interrogate and interact with the ledger using open-source client software. These agents can fall under the definition of “independent network participant” and “validator”. Classifying these entities as “money service businesses”, along with the regulatory and reporting burden this entails, is unreasonably onerous, in my opinion.

Beyond the stated goals of preventing the financing of terrorism, money laundering, and illicit drug trafficking, legislation that regulates the digital asset ecosystem should also protect consumers from abuse by financial institutions. FTX is neither the first nor the last financial institution, crypto-based or otherwise, to collapse, and these corporate failures should highlight a key value proposition of digital assets: the fact that they can be managed by individuals without having to place trust in third-parties that may or may not deserve their customers’ trust. The classification system put forth in DAAML would largely target innocent individuals while failing to focus regulation where it ought to be focused: on corporations that lost or otherwise gambled away funds of customers who relied on these companies to safeguard their digital assets.

Classifying miners, validators, and independent network participants as “money service businesses” would be analogous to classifying individuals who run file-sharing clients (for example, BitTorrent) as a cloud hosting service. Clearly, a college student running a peer-to-peer node from their dorm is incomparable to Google Cloud or Amazon Web Services. DAAML would severely discourage and unreasonably burden anyone wishing to run free, open-source software with a multitude of non-financial uses, whether or not these parties are involved in verifying transactions that entail transfer of value. DAAML fails to recognize the fact that most transactions on the Ethereum blockchain involve no transfer of value whatsoever. The bill lacks an accurate appreciation of the term “transaction” in a technical sense as it it used in blockchain discourse and is biased by interpretation of the word in a classical financial sense.

Every single transaction in the Ethereum blockchain can be scrutinized with a few lines of code. The tools I used to conduct my analyses are based on open-source utilities such as the Go-Ethereum client and the Python Web3 library [7, 8]. Rich and detailed information about the Ethereum blockchain can be obtained by anyone without the need for proprietary APIs. I encourage lawmakers to conduct their own analyses of blockchain ledgers so that emerging legislation can more effectively protect consumers and counter the financing of terrorism, illegal drug trafficking, and money laundering – without destroying the democratic, decentralized foundations of these technologies.

In particular, I urge you to develop a more nuanced definition of “money service business” that does not target the miners, validators, and independent network participants which serve as the foundation of blockchain networks and keepers of its decentralized integrity. I hope that the arguments made above demonstrate that doing so would be a fallacy.

Thank you for your consideration.

Respectfully yours,

Omar Metwally, M.D.

* My initial analysis of all transactions from the past 10 days yielded a figure of 43%, and this is the number I cited in my original letter to Senator Warren. In a follow-up study, I analyzed all transactions from every 100th block on the Ethereum blockchain beginning with block 16237072 and ending with block 1388368 and calculated that 49.9% of Ethereum transactions entailed value transfer. The ratio of value-containing transactions varies widely from block to block. Access to greater computing resources would enable a more detailed study, and I invite anyone interested in this research question to conduct their own analysis.

References

1. “Digital Asset Anti-Money Laundering Act of 2022”. https://www.warren.senate.gov/imo/media/doc/DAAML%20Act%20of%202022.pdf. Accessed 21 December 2022.

2. “An Analysis of Bitcoin’s Use in Illicit Finance” by Michael Morell, Josh Kirshner and Thomas Schoenberger. 6 April 2021. https://cryptoforinnovation.org/resources/Analysis_of_Bitcoin_in_Illicit_Finance.pdf. Accessed 21 December 2022.

3. “What in the Ethereum application ecosystem excites me” by Vitalik Buterin. 5 December 2022. https://vitalik.ca/general/2022/12/05/excited.html. Accessed 21 December 2022.

4. “How cryptography and peer-to-peer networks contribute value to society” by Omar Metwally. 13 March 2022. https://omarmetwally.blog/2022/03/13/how-cryptography-and-peer-to-peer-networks-contribute-value-to-society/. Accessed 21 December 2022.

5. “Great Explorers” by Omar Metwally. 16 September 2022. https://omarmetwally.blog/2018/09/16/great-explorers/. Accessed 21 December 2022.

6. Maestro Ethereum application by Akram Alsamarae and Omar Metwally. National Science Foundation Grant 1937914. https://maestro.analog.earth

7. https://github.com/ethereum/go-ethereum

8. https://github.com/ethereum/web3.py

Posted on March 27, 2022March 27, 2022 by omarmetwally

The role of physical examination in the age of telemedicine

I had the opportunity to synthesize my experience with and research on telemedicine into a Grand Rounds presentation at Highland Hospital in Oakland, California on March 11th, 2022.

The slide deck can be downloaded here.

Posted on March 13, 2022 by omarmetwally

How cryptography and peer-to-peer networks contribute value to society

By: Omar Metwally, M.D.

3/13/2022

Objective:

To illustrate the utility of cryptography and peer-to-peer networking in protecting the authenticity, integrity, and availability of information.

https://en.wikipedia.org/wiki/Snowflake#/media/File:Snowflake_macro_photography_1.jpg

1. Information is the useful synthesis of data.

Our email inboxes, phones, and hard drives are constantly filling up with data; however, collecting, organizing, and archiving the useful nuggets of information in an ocean of junk requires time, money, and energy. The number of useful emails in my inboxes is a small fraction of the total number of emails, which are mostly spam. I don’t pay for extra storage out of principle. Why fund a company whose spam filters are more likely to block important emails than spam? Why perpetuate the problem?

Similarly with the high-resolution photos which take up so much memory on my phone and hard disk: most of these photographs do not deserve the 2+ MB of memory they occupy on my phone and PC. I’ll commonly snap a photo of a beautiful landscape, a critter I encounter on a walk, or something I need to remember for a short period of time (for example, where I parked). Backing up every photo and video on my phone seems wasteful considering that, like my email inbox, only a small proportion are media that I actually want to preserve. The alternative, however, would be to manually go through each of my inboxes and every photo I take on my phone and make a conscious decision whether to keep or delete a file. This latter strategy often proves far too time-intensive to pursue on a consistent basis.

2. Data that exists in only one location is as good as gone.

I once asked a colleague how he backs up his digital information. “I’ve never needed to back up my data,” he answered. This is a fallacy. Every possible failure of a digital system will eventually and inevitably occur. Hard disks fail all the time. People accidentally delete and lose files. Important bits of information drown in oceans of spam and junk, to the extent that locating them becomes practically impossible. Networked systems get hacked. People lose or upgrade their phones and change platforms, only to realize years later that they never backed up their old Android or iPhone which is now resting in a landfill.

Preserving information in a way that facilitates future retrieval requires:

– a consistent schema for organizing files and directories

– multiple physical (e.g. HDDs and SSDs) and cloud-based storage systems

– a consistent version control schema

– consistency in backing up information to each of these media

In other words, if you really cherish your data, you need to be organized, anticipate what can (and inevitably will) go wrong, and back up consistently. If it’s important information, chances are you’ll also want to encrypt your disks in a way that prevents unauthorized parties from accessing the data, without accidentally losing access to your own data.

3. Cryptography is arguably one of the most useful and powerful technologies in modern-day computing.

Modern cryptography is the basis for digital tools that protect the authenticity and integrity of information. While information ends up in the wrong hands all the time, encryption ensures that only the intended recipient can “unlock” the information. To lay people, “encryption” may conjure messaging apps designed for protect one’s privacy. However, another compelling use case of cryptography, which may be unknown to lay computer users, is to mathematically prove the authenticity of digital information. Algorithms such as SHA256 [https://csrc.nist.gov/glossary/term/SHA_256] can generate a mathematically unique string of numbers and letters, which can serve as a “fingerprint” for a file’s authenticity. Altering even the slightest letter in a document changes this cryptographic fingerprint.

Just like no two individuals have the same fingerprint, so do non-identical files yield unique cryptographic hashes. For instance, an attorney who needs to ensure the authenticity of a collection of evidence can use a cryptographic hashing algorithm such as SHA256 to prove beyond a doubt that the data do indeed represent what the attorney claims they do. However, it’s important to note that these hashing algorithms do not necessarily preserve the actual data to which they refer. It is still upon the attorney to back up the evidence in a secure and redundant manner. Furthermore, the attorney must ensure that each backup is identical. Although a small discrepancy may or may not be consequential in court (for instance, accidentally adding a space, period, or comma may or may not alter the interpreted meaning of a document), the cryptographic hash will be altered, negating the utility of the hashing algorithm.

4. Distributing and decentralizing information is a key value proposition of blockchain networks

Encryption and hashing preceded cryptocurrencies. Hash functions, which are defined by the National Institute of Standards and Technology, are generally free to use and are accessible via command line on any computer. Arguably the biggest value proposition of blockchain networks, on a technical level, is their capacity to add verifiable and tamper-proof timestamps to cryptographic hashes, by propagating a verifiable and identical chronological database across numerous peers around the world. Being able to reliably exchange information with thousands of computers across the world, spanning many different geographic areas, yields redundancy that would be implausible to replicate by entrusting any one party to create thousands of backups, spread them around the world, ensure that they can be accessed reliably, and also ensure the integrity of the original information. In reality, governments restrict access to online content all the time. People in affected locations can use tools such as VPNs to try and circumvent these limitations, but as long as a critical number of nodes is online, the information will not be lost, even if it is inaccessible from a certain geographic region due to inability to run a p2p client.

Cryptocurrencies create financial incentives for people to volunteer hard disk space, broadband, their time, skills, computing resources, and energy to contribute to a peer-to-peer network. Rather than relying on one party to ensure the integrity, authenticity, and availability of data (which is typically hosted in a relatively small number of geographic locations), blockchains are essentially distributed databases (also known as “distributed ledgers” when used in the context of exchanging digital value).

5. Ensuring information availability is another value proposition of blockchain networks

I have been experimenting with IPFS (“InterPlanetary Filesystem” [https://ipfs.io/]), a peer-to-peer file-sharing networking, since 2017. Each byte stored directly on a blockchain network is relatively expensive. While all blockchains are peer-to-peer networks, not all peer-to-peer networks are blockchain. IPFS, an example of a peer-to-peer network that is not a blockchain, allows users to easily upload directories and files to the network, where they are relayed from node to node. IPFS itself is free to use; that is, there is no subscription fee to cover hosting costs because volunteers around the world share in hosting the data. However, this utopian dream of “share everything, preserve everything” ignores the reality of the cost of hosting data. Bandwidth, disk space, processing power, and electricity cost money. Data hosted on IPFS can be “pinned” using a 3rd-party service, but this crosses the line of decentralization and places trust in a 3rd-party service to ensure the persistence of these data. Furthermore, it’s unclear to me why a 3rd-party service would volunteer their resources freely without charging a hosting fee.

Filecoin is a cryptocurrency developed by the creators of IPFS (Protocol Labs) which aims to solve this missing economic incentive. The Filecoin protocol aims to incentivize miners (people with a lot of computing power and storage capacity) to host others’ data by rewarding them with the Filecoin cryptocurrency in exchange for running software that can mathematically prove that the hosted data (1) exist on their hard drive(s), and (2) can be retrieved by the party that is paying Filecoin in exchange for their data to be hosted.

I downloaded the Filecoin client (“Lotus”) and spent several days running IPFS and Lotus in parallel in order to see if hosting a 113 MB file on Filecoin was a better alternative to using traditional cloud servers, and also to learn about the economics of the Filecoin ecosystem. I provide here my impressions of this limited experience without a recommendation for or against any cryptocurrency.

It took me a few hours to sync the Filecoin mainnet to completion. I had to download a snapshot of the chain in order to sync, and I could not locate a SHA256 checksum of the snapshot used to sync. I was unable to sync by connecting to peers directly. Using snapshots hosted on a centralized server which are not associated with published checksums is never best practice because there’s otherwise no way to ensure the authenticity or integrity of what one thinks they are downloading.

The Slack channels used by the Filecoin community are active, and I received timely answers to my questions by knowledgeable contributors. Once the Filecoin chain was synced, I proceeded to upload a 113 MB file using its IPFS hash (that is, the file was already uploaded to IPFS, and I used the IPFS hash to point to the data). The process of uploading data generally entails (1) identifying storage providers (miners) who are willing and able to host one’s data; (2) uploading the data to the storage providers; and (3) paying a transaction fee to upload the data. These transactions are referred to as “deals” and can range from 180 to 540 days in duration. Miners can specify parameters such as the minimum and maximum file size they are willing to host, duration of hosting, and their cost per Gigabyte per time period (in the case of Filecoin, per 30-second epoch). Retrieving data involves a separate set of processes, but I haven’t yet made it that far.

In Filecoin, miners host others’ data, which may or may not be encrypted. This is a potential legal gray area because miners generally don’t know what they’re hosting, and miners are often located in jurisdictions separate from the party seeking hosting services. Deals can be arranged on a Slack channel or third-party reputation marketplaces, but rarely does one know whom exactly they’re dealing with. What happens if a party is uploading content that is illegal in their jurisdiction? Or perhaps legal in their jurisdiction but forbidden in the miner’s jurisdiction?

The process of trying to host data on Filecoin is far more complex than using traditional cloud servers. The average person is unlikely to succeed without a strong commitment to the steep learning curve involved in using these command-line tools. Some of the complexities can theoretically be simplified using third-party services, but this can potentially negate the advantages of using an incentivized p2p network in the first place.

The Filecoin protocol incentivizes miners to contribute their computing resources (and time) to host others’ data by rewarding them for reliably hosting others’ data and financially punishing them by deducting penalties from the collateral they have to put up. Due to the relatively early stage of development of these tools, Filecoin documentation recommends making multiple deals with up to 10 different miners to ensure the availability of one’s data, in case one or more miners’ do not make good on their deal.

On my first attempt to upload a 113 MB file, the “deal” failed for unclear reasons, despite my attempts to troubleshoot the Lotus client’s behavior with the help of technical support volunteers. My starting balance was one Filecoin (1 FIL). Here are some numbers central to the (failed) transaction:

Initial wallet balance: 1 FIL

Cost of hosting 113 MB file with a particular miner for 180 days: 0.01296 FIL ($0.225504, at an exchange rate of $17.4 per FIL on March 12^th, 2022).

Wallet balance after the escrow funds were returned to my wallet (i.e. after the deal failed):

0.996353443699298176 FIL

Difference between initial and final wallet balance = amount of “gas” burned (network transaction fees):

0.006646556300701767 FIL

Therefore, 51.285% of the original proposed cost of hosting the file (0.01296 FIL) was burned in the form of gas. In other words, 0.006646556300701767 FIL / 0.01296 FIL = 0.5128515664121734

While the amount of burned gas may seem trivial, it accounts for a majority of the cost of the failed deal (51.285%)! If the goal is to establish 10 deals with 10 different miners, then the cost of gas associated with failed deals can quickly add up.

6. Mathematical proof of data availability may or may not be necessary

There are certainly cases in which it’s necessary to prove mathematically not just the integrity and authenticity of data (for example, using hashing functions such as SHA256), but also the availability of the data. Filecoin aims to mathematically prove both the existence and availability of data hosted on a peer to peer network while incentivizing miners to uphold deals with parties who need data hosted. However, there are also many instances where a SHA256 checksum uploaded to a blockchain with an immutable timestamp is more than sufficient. In this latter case, the responsibility of organizing, archiving, and maintaining identical copies of these data falls upon the party willing to pay for the weight of this proof. As mentioned above, there are instances where entrusting miners to store and deliver content may be undesirable for legal reasons, privacy, or simply the need to trust that at least one miner with whom one conducts a deal will uphold their end of the deal.

In conclusion, cryptography and peer-to-peer networking are powerful technologies that can help protect the integrity of information and ensure its persistence. Various blockchain networks use financial incentives in different ways to provide a variety of value propositions to network participants. Clearly understanding one’s goals as the relate to information preservation/exchange, and clearly understanding each network’s value proposition, is key to making good investments of one’s time and resources.

Posted on March 5, 2022January 31, 2024 by omarmetwally · 2 Comments

Beware ViaSat. Beware the Predator.

By: Omar Metwally, MD

Objective: To illustrate ViaSat, Inc‘s predatory business practices and warn other potential victims.

Hi ViaSat. You stepped on me thinking I was a tiny ant, like all the other tiny ant customers you are stepping on. The truth is, I’m a barbed hook.

July 2020: The pandemic is striking with full force, and I am working 100-hour weeks volunteering in COVID-19 medical units overflowing with very sick patients while completing a Federally-funded research project. Fast forward to March 2022: the world is recovering from the pandemic, and I am getting harassed for the first time in my life by debt collectors trying to collect bogus debt on behalf of ViaSat, Inc.

Beware a predatory, disreputable, Federally-funded company called ViaSat, also known as Excede or Wild Blue Internet.

During my last few months as Principal Investigator of Logisome, Inc’s Federally-funded research project, I signed up for a satellite internet service called ViaSat back in July 2020. The satellite dish was installed on the roof of my home, where I was conducting my responsibilities as PI and volunteering as an Internal Medicine Physician in overflowing COVID-19 medical units.

A technician arrived on Thursday, July 16th, 2020, and installed the satellite dish and equipment. I asked the technician to stay and make sure that the internet connection worked before leaving, but he insisted on leaving immediately. The internet speeds were initially so slow that it felt like a blast back to the 1990s. They were too slow to even load ViaSat’s homepage to look up their customer support phone number — and far too slow to conduct any sort of telemedicine.

I called ViaSat’s customer support in order to solve this internet speed problem and was on the line for nearly 2 hours after the installation trying to troubleshoot extremely slow speeds. The ViaSat technical support person remotely reset my modem, after which point I immediately and permanently lost all access to the internet.

After several hours waiting on hold, escalating emails to ViaSat’s management, and a complaint filed with the Better Business Bureau, they finally agreed to cancel service. I received written assurances that all fees in the contract had been waived and that my service was canceled. They sent me a UPS return label, and I sent back their equipment.

Now I’m receiving text messages from a debt collector saying that my ViaSat account has been sent to a debt collection agency called Halsted Financial. ViaSat did not send me any communications at any point claiming any debts owed to them. Here is one of numerous texts I’ve received from a party claiming to be a debt collector.

One of many text messages from a party claiming to be a debt collector on behalf of ViaSat, Inc. SMS date: 3/4/2022

Why is the U.S. government (FCC) funding a predatory company that does not deliver what they promise, that wastes people’s resources, and that inflicts harm on hard-working individuals with better things to do than deal with bogus debt and the financial and legal damages resulting from these disreputable business practices? How is this company still in business???

Why would you trust ViaSat to support critical infrastructure if you can’t even trust it for grade school homework?

ViaSat touts itself as a reliable internet solution for hospitals and the military. But if you can’t trust the company for submitting your kids’ online homework, why should ViaSat be trusted with people’s lives, health and safety? If you are considering signing up for ViaSat, chances are you live in a remote or undeveloped area in the United States. If you have any other choice of internet service provider, be assured that these alternatives are likely better options. If you have to decide between ViaSat and having no Internet connectivity, then be assured that you are probably better off without Internet.

ViaSat is not a legitimate company that earns a livelihood by selling useful services to customers. Rather, it is a shell of a company hiding the scam that it is: crooks that make money buy fooling people into contracts, breaking their own agreements, and inventing bogus debts so that debt collection agencies can do their dirty work. It is a disgraceful farce.

If you are one of countless victims of ViaSat’s fraudulent business practices, I urge you to call a lawyer and take legal action. A class action lawsuit is ripe for filing. Do not trust a company that lies to resolve BBB complaints, only to spin up bogus debts and send innocent people to debt collection agencies years later. Let’s use all legal means available to us to show this sham company that we are here to collect and make them shed what they owe.

Update on 3/14/2022:

Service agreement between ViaSat, Inc. and Logisome, Inc.

Despite the fact that the service agreement (signed by Cody Catalena of ViaSat’s Global Business Solutions, excerpt above) was between ViaSat and Logisome, Inc, ViaSat is fraudulently attributing fictional debt to me as an individual. This was an agreement between two companies. At no point did I conduct business with ViaSat as an individual or enter any agreements with them as an individual. Yet despite these facts, they are damaging my personal credit.

Collection Letter attributing fictional debt to an individual who never did business with ViaSat

—

Update 05-24-2022:

From: FCC

To: Omar Metwally

Date of Correspondence: April 25th, 2022

“””

This ticket (#5338127) has been updated.

Hi Omar,

Here is the response we received from your carrier.

Thank you,

FCC Consumer Complaints

Federal Communications Commission
Consumer & Government Affair Bureau
Consumer Inquiries and Complaints Division
445 12th Street, SW
Washington D.C. 20554 Response via FCC Electronic Response Program

Re: Omar Metwally, Complaint Ticket No. 5338127

To Whom It May Concern:

Thank you for bringing Mr. Metwally’s complaint to our attention.

The Customer Agreement, signed by Mr. Omar Metwally on July 16, 2020, advises that customers are responsible for returning Viasat’s modem and transceiver within 30 days after disconnection. Failure to do so will result in an unreturned equipment fee of $300.00, not including taxes. Viasat supplies customers with a UPS box, prepaid return shipping label, and illustrated instructions within a week after disconnection.

On August 20, 2020 a bill of $159.00 for an unreturned transceiver generated. No payment was processed resulting in a past due balance.

Mr. Metwally contacted Viasat inquiring about his bill on September 7, 2020. A Viasat Business representative advised Mr. Metwally we had not received his transceiver.

On September 8, 2020, Mr. Metwally’s account was sent to collections due to its past due balance. As Mr. Metwally’s name was the one on the Customer Agreement, it was his contact information that was used in order to deliver the notice of collections.

As a resolution to Mr. Metwally’s complaint, Viasat has waived his unreturned transceiver fees as of March 22, 2022. Please note it can take the collection agency a minimum of 30 days to update their records, Viasat is unable to expedite this process.

Thank you for the opportunity to respond.

Sincerely,

Viasat Satellite Service
Consumer Affairs Department

CC: Omar Metwally

“””

From: Omar Metwally

To: FCC

Date: May 24th, 2022

“””

Dear FCC:

Please keep this ticket open, as ViaSat has once again failed to keep its word. I received another collection letter in the mail today, attached.

Furthermore, please note that ViaSat’s response on 4/25/2022 states that “customers are responsible for returning Viasat’s modem and transceiver within 30 days after disconnection.” This statement is inconsistent with ViaSat employee John V’s email dated 07-30-2022, which refers to a “VoIP phone” and “routerboard” but has no mention of a transceiver. ViaSat provides contradictory and inconsistent instructions to customers, and they obviously don’t know what equipment they want returned.

ALL REQUESTED EQUIPMENT WAS ALREADY RETURNED ON TIME.

ViaSat are liars and criminals. Please hold them accountable for their predatory business practices and make them stop terrorizing innocent, hard-working people.

Attachments:

viasat_collection_letter_05-24-2022.pdf

viasat_collection_letter_03-02-2022.pdf

equipment_return_instructions.png

Respectfully,

Omar Metwally, MD

“””

Let it be known to all humans, past, present, and future, that ViaSat are liars, criminals, and terrorists.

—

Updated 3 August 2022:

viasat_public_3_august_2022 Download

viasat_public_3_August_2022.zip

SHA256 checksum: a19581e72b2f2399aca14486d14c0e260ffda39d684dc5f9df04eaa4619d425c

Justice for Victims of ViaSat

——–

Update 13 September 2022:

Endless harassment by debt collectors, courtesy of Cody Catalena of Viasat Global Business “Solutions”, a man of endless problems and no solutions.

Update on 31 January 2024: The ViaSat (VSAT) terrorism continues…

Despite ViaSat assuring me and the FCC that they reversed my collection balance on 7 September 2022…

…the collection letters still continue, and nothing has been done:

Posted on December 11, 2021December 19, 2021 by omarmetwally

How to create a threaded cap

By: Omar Metwally, M.D.

Objective: Design and 3D print a threaded cap that creates a water-tight seal with a threaded glass jar.

Environment: Autodesk Fusion 360

Glass jar dimensions:

Jar Outer Diameter (measured over threads): 48.06 mm

Thread Height: 11.88 mm

Metric Thread Pitch: 3.5 mm

Approach: Design a custom “coil” element.

Thread Terminology

Coil diameter (CD): Diameter of a zero-thickness coil as viewed from above (i.e. in the XY plane).

Jar Outer Diameter (JOD): Diameter of the jar opening, measured with Vernier calipers. Includes threads.

Coils: Protruding rings comprising the thread.

Section size (S): Coil thickness

Height (H): vertical height of the thread

Metric Pitch (P): distance between two adjacent coils

Revolutions (R): The vertical distance traveled by the coil (i.e. along the Z-axis of a cylinder) as it completes a 360 degree turn, beginning and ending at the same X and Y coordinates (i.e. looking down at the cylinder from above).

Tolerance (T): Arbitrary distance added to the coil diameter (CD) to allow the cap coils to interface with the glass jar threads.

Method

1. Create a coil with coil diameter (CD) equal to the jar outer diameter (JOD).

CD = JOD

In this case,

Jar outer diameter (JOD) = coil diameter (CD) = 48.06 mm

S = 2 mm

H = 11.88 mm

T = 0.2 mm

Angle = 0.0 degrees

P = 3.5 mm

2. Calculate coil revolutions (R), remembering that one revolution is a 360 degree turn.

R = H / P

Revolutions = Height / Pitch

In this case,

R = 11.88 / 3.5 mm = 3.39 mm

3. Create the rest of the cap

The cap comprises the cap body combined with the coil. The body is a hollow (shelled) cylinder, and the coils can be either inside or outside the body. In this case, the coils are inside the body to create the shape of a female cap. The body inner diameter (BID) equals the coil diameter (CD) plus tolerance (T). That is,

BID = CD + T

In this case, we’ll use a tolerance (T) of 0.2 mm for a PLA print, and the body will be 2 mm thick, such that:

BID = 48.06 + 0.2 mm = 48.26 mm

BOD = BID + (2*2 mm) = 52.26 mm

RESULTS

Posted on August 4, 2021December 13, 2021 by omarmetwally

Blue Jeans

By Omar Metwally, MD

August 4th 2021

This is a photo of Salt Lake City, Utah on April 3rd, 2020.

At the end of March 2020, I drove from the San Francisco Bay Area, my home of eight years, back to my home state of Michigan to volunteer in medical units overflowing with patients who were sick with the novel coronavirus. My puppy and my few personal belongings, which had consolidated over the years after frequent moves from one city apartment to the next, are packed into my Honda Civic, the rest of my belongings left behind in an apartment I quickly fled to avoid state border closures. Every fleck of my skin, from my face and lips to my toes, is swollen, red, and painful — a farewell gift from a patch of poison oak that my puppy discovered during one of our last hikes through the East Bay’s eucalyptus forests. I am on fire.

I drove from California to Michigan via interstate highways that traverse the heart of America with prescriptions for steroids to treat my case of fulminant poison oak hypersensitivity and an aloe plant on my lap. As I spent the better part of four days behind the wheel cutting off aloe leaves[1] and rubbing them on my skin to relieve the intense burning that pushed me to the limits of patience, I reflected on how quickly life had changed in such a short period of time: the perpetual line of masked people in front of the deli where I used to walk a block over to pick up a sandwich for lunch and carry home fresh produce; the panic of trying to hunt down dog food after all the local pet stores shuttered their doors indefinitely; driving an hour and a half to Sonoma County in pursuit of milk; the tense, heavy atmosphere at my hospital as it filled up with seriously ill patients – and the limited therapeutic options doctors had at their disposal at the start of the pandemic.

Many people lost their lives and their livelihoods during the pandemic, which continues to take its toll around the world.

This is a photo of Salt Lake City, which I did not take because it wasn’t how I wanted to remember the capital of one of the most beautiful states in America.

After a few hours rest in a nearly-deserted hotel, I wake to continue our journey east. Except for a police patrol and a homeless man, there isn’t a soul on the streets of downtown Salt Lake City, as I walk my dog in search of a cup of coffee. This is not how a city should ever look, except in Cormac McCarthy’sThe Road. Even the national coffee chains one could previously count on were closed, and I resorted to brewing my daily cup of joe on the side of the road with the aid of a propane-powered camping stove.

Michigan was hit early and hard by the COVID-19 pandemic, but finding food for puppy and milk for me was still easier outside of California’s dense urban areas. When the State of California issued the first stay-at-home order in March 2020, it felt like standing on a beach watching tsunami waves roll toward land. While those tsunami waves are just now making landfall in certain countries that managed to dodge the first pandemic wave by means of fast, coordinated action, the aftershocks are being felt acutely by all. Personal loss and economic damage on such a large scale will take time to heal. The cost of basic provisions, from groceries to building materials, has increased markedly in just a few months, and the future is more uncertain now than it was in the pre-pandemic world.

Despite the great difficulty of finding a sewing machine and fabric in the spring of 2020, I managed to purchase my first sewing machine and learned to sew face masks with the help of a tutorial on the CDC’s website. The linen masks I created were far more comfortable and breathable than surgical masks, and I felt empowered to create something that had become as indispensable to daily life as a smart phone, especially at a time when masks were expensive and hard to come by. Just a few months before moving back to Michigan, I was taking my shorts to alterations shops to replace buttons, and I would have never imagined operating a sewing machine myself.

Learning how to sew gave me the knowledge and skills to harness an ancient technology – textiles – to create functional and beautiful things that can’t be made using 3D printers. After using the remaining linen to sew window drapes for our home, my next challenge was denim. A pair of jeans is both a tool and a lasting work of art. Subject to areas of extremely high tensile forces, jeans hold things together to keep us warm while serving as a physical barrier between our bodies and the world. Denim adapts to the shape of our bodies over time, and we hardly notice a comfortable, well-fitting pair of jeans as we go about our business. Jeans have front and back pockets to hold our keys, phones and wallets, and jeans take on a uniquely cool look with each wash, tear, fray and stain.

U.S. Patent Number 139,121 (“Improvement in fastening pocket-openings”) for using rivets to reinforce pockets awarded to Levi Strauss and Jacob Davis on May 20^th, 1873.
Source: https://patents.google.com/patent/US139121A/en

Levi Strauss of San Francisco and his business partner, Jacob Davis, a tailor from Reno, Nevada, were awarded U.S. Patent Number 139,121 (“Improvement in fastening pocket-openings”) for using rivets to reinforce pockets on May 20^th, 1873 [2]. There is a big difference between sewing trousers and sewing a durable garment that can withstand years of vigorous use. Strauss and Davis’ invention helped improve the longevity of jeans as a tool, a garment worn by people to help them work hard, and a garment that also happens to look nice!

As with face masks, I began sewing jeans out of necessity. Shopping for clothes to replace the wardrobe I left behind in California was impossible or extremely challenging for many months. Even before the pandemic, happening across a well-fitting pair of jeans involved visits to several outfitters and spending a day trying on jeans. If I was lucky enough to find a pair that fit, I didn’t have say in the properties of the denim I would bring home to break in: the fabric color, weight, style and stretch.

Jeans have become staples in apparel and are worn by people of every rank and file all over the world. The mass production methods necessary to achieve the current market prices rely on the sweat and lifeblood of factory workers who specialize in one small step in a complex process overseen by the proprietor. What surprised me most about learning how to sew jeans was the remarkable fine motor skills and intensity of labor which the process entails. With my wife’s help, we can together create a pair of jeans in three days: one day to take measurements, draft a pattern, cut fabric and serge the pieces; another day to sew the pieces; and a third day to add trimmings and hem. The price tags on store-bought jeans betray the immense skill and effort involved in creating a pair of shiny new blue jeans, but there is no price on the joy of achievement.

Whether I’m rounding in the hospital or under the hood of my car, I enjoy wearing a pair of hand-sewn jeans as a reminder that sewing jeans, like the practice of medicine, requires both knowledge and skill, a fruitful marriage of theory and practice. Creating a well-fitting pair of jeans requires a good grasp of human anatomy and the theory of pattern design. It requires an appreciation for how movement – walking, running, sitting and squatting – impart forces on the fabric, and how manufacturing techniques can reinforce these high-stress areas. Sewing jeans also requires appreciation for how denim is woven and dyed, and how its properties can be modulated to yield a certain feel and look. The theory of jeans-making must be combined with outstanding sewing skills to produce an awesome pair of jeans. Learning to work with a heavy fabric like denim takes a lot of practice and patience.

Even if I had an endlessly long list of customers, a mom-and-pop jeans shop operating in the United States cannot compete head-to-head with a jeans factory that outsources its operations to places where the cost of labor is significantly lower. And while I can’t pretend to be an expert seamster as far as sewing jeans is concerned, practice makes perfect.

A pair of custom Ox Jeans made using a computer program that algorithmically generates jeans sewing patterns from a handful of body measurements

My offering:

Custom, algorithmically-generated jeans sewing pattern. Includes:
- Full-size printout containing all pieces for a custom-sized pair of jeans, based on your body measurements
- 3 business day turn-around
- Cost: $50

A custom-tailored pair of jeans. Includes:
- Hand-sewn pair of jeans made with 100% American denim
- Constructed using the algorithmically-generated sewing pattern (above)
- Cost: $600

A pattern can be purchased separately from the jeans so that people with sewing skills can create their own jeans at home.

To purchase a custom jeans pattern and/or a pair of custom-tailored jeans, request an order form by emailing me (omar@oxjeans.me) with “Ox Jeans Order Form” in the subject line.

References

Aloe vera: a review of toxicity and adverse clinical effects. Guo X and Mei N. J Environ Sci Health C Environ Carcinog Ecotoxicol Rev. 2016 Apr 2; 34(2): 77–96. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6349368/
U.S. Patent Number 139,121. “Improvement in fastening pocket-openings.” Jacob Davis of Reno, NV, and Levis Strauss & Company of San Francisco, CA.

Posted on December 16, 2020December 17, 2020 by omarmetwally

Due to unusually high call volumes

The strain of the COVID-19 pandemic on society and healthcare systems turned fine fault lines into gaping canyons. Reflecting on my writings about U.S. hospitals 5 years ago, I asked myself what had changed and what still must change to rebuild a healthcare system that can deliver medical care wherever and whenever it’s needed. What problems were prevalent in the healthcare system before the pandemic, and how did the pandemic highlight these deficiencies? In my day-to-day work as a doctor, what diverts my time and energy away from the most important and fulfilling aspect of doctoring – patient care?

Direct and effective communication with patients is the most important aspect of healthcare, in my view. A doctor working in the community who is licensed and certified has demonstrated a body of knowledge and skills to provide medical care within a certain scope of practice. Someone with a health concern is arguably not seeking the smartest doctor they can find; they want a doctor with whom they can communicate their concerns, understand their health issue, and make a mutually acceptable treatment plan. In daily practice, I feel that 95% of my time and energy are consumed by tasks that do not relate directly to patient care. Even more unfortunate is the fact that these 95% of tasks are the ones by which doctors are evaluated and compensated: clicking through electronic health records (EHR), wrestling with flawed communication systems (such as hospital phones, pagers, texting, and email) to receive and share information with other members of the healthcare team, answering “queries” from hospital administration for the purpose of billing patients and insurance companies, and wasting life-years trying to wrangle health information systems as mandated by hospital administrators and insurance companies.

1. The world wide web

The pandemic pushed the role of “telemedicine” (healthcare rendered by phone or digitally) into the foreground as a way to deliver healthcare efficiently while reducing the spread of the coronavirus. Regrettably the first and biggest problem with healthcare is internet connectivity and how EHR software sends and receives information between a doctor’s phone/computer and the hospital server. Even in the year 2020, reliable, high-speed internet is a scarce resource in the United States. Most Americans have no choice of internet service provider, if they are lucky to even have access to one. In a time where human resources are stretched thin and inefficiently used, trying to reach a human in the event of a service interruption can easily waste hours if not days waiting on hold or confined to chatbot purgatory. Many doctors now work remotely to a large extent, if not entirely. Reliable, fast internet is prerequisite to being able to deliver good healthcare. This is especially true because of the nature of EHRs, which use “Virtual Machines” and “Remote Desktops” that require a reliable, low-latency, high-speed internet connection. A client that runs at a snail’s speed and frequently disconnects, requiring 10 minutes to repeat the authentication process before dropping the connection again, is severely detrimental to patient care.

2. Electronic Health Records

EHRs are essentially spreadsheets in fancy packaging. They’re not smart in the sense that a phone is smart; they don’t learn, predict, or automate tasks. In fact software that is slow, requires a lot of clicking and non-intuitive behavior, and which wastes a lot of time with authentication and logging in, is not much better than typing text into the simplest text editor and saving it in a rudimentary database. That is the core of a hospital or clinic’s information system: text and media files saved chronologically and accessible to the right people at the right time. I prefer to type or dictate notes freestyle rather than use templates because it’s faster for me, gives me more control over the document, and helps me communicate my assessment and treatment plan more effectively than relying on a template created by someonen else who may conceptualize a diagnostic process and treatment plan much differently than their peers. An ideal EHR to me would simply be typed into a Unix terminal (for a reader unfamiliar with Unix, imagine a black screen with a flashing white cursor) and piped into a hospital server, which would then use the text to help doctors appreciate the clinical Gestalt or “big picture”: what could harm or kill the patient in the next few hours? And beyond the first 12-24 hours, how to safely discharge the patient? As an EHR user, I don’t want a fancy front-end trickling through a lagging virtual machine; I want a simple, low-latency, text-focused interface and a smart backend, in other words, very simple software that looks dumb but is actually smart.

3. Communication

On top of the pressure of having to synthesize a huge amount of dynamic information to make fast and sound decisions about patient care, doctors are inundated and constantly interrupted by communications from other members of the care team. Doctors work closely with nurses, aids, phlebotomists, lab and radiology technicians, doctors from different specialties, clerks, social workers, insurance companies, and hospital administrators. There is a lot of information constantly moving back and forth in real-time between all parties. This flow of information is often like a waterfall rather than a water faucet – the communications are not prioritized and frequently fail to reach the right person at the right time. There are times when a doctor’s attention should be focused entirely on the task at hand, for example when assessing or speaking with a patient at bedside. This is no time to be interrupted with billing queries or non-urgent questions about other patients’ care. A constant stream of unprioritized and unfocused information can make it extremely difficult to focus on the critical 1% of information which can hurt patients if this information is not processed correctly at the right time. In order to hold people accountable for their decisions, they need to be given a fair chance, with tools that work without draining life out of the users. A page or phone call that may or may not find the intended recipient, and a note left in the EHR saying, “tried to call you but you didn’t answer your phone,” is subjective and not constructive without a way for all parties to track communications from their origin to their destination.

Automated spam calls, a nuisance in daily life, can be harmful to patient care by hindering timely and effective communication

In addition to the right tools, there is a need for sound systems. A doctor’s extensive education and training culminates in a highly specialized set of skills and knowledge. Doctors should take pride and joy in their work; they endured long, grueling training out of a desire to help humanity. Out of training, doctors traditionally became their own bosses, working in community hospitals or private clinics, practicing medicine the way they were taught in a style that becomes their own. Nowadays doctors are managed by administrators who are not doctors. There is a reason why healthcare systems look and function the way they do, an evolutionary end-product of decades of legislative, financial, operational, and societal forces exerting themselves on doctors and hospitals. Back in the day, doctors saw their own patients in their own clinic and treated their patients when they were hospitalized too. This is exceptional nowadays. There was no, “I’m your doctor for today,” or “I’m your doctor this shift, until 8pm.” The reality is that this mode of doctoring has become rare. Having experienced the modern-day flavor of corporate medicine in urban areas and the more traditional model in rural areas, I appreciate the pros and cons of both models. “I’m your doctor, period” can be spoken by a doctor lucky enough to escape corporate medicine, but also a doctor prepared to withstand the stress of not having any personal or protected time away from work. Too many talented doctors nowadays burn out after short-lived clinical careers, depriving patients of the care of great doctors who fell victim to the 95% non-clinical burden on top of the already stressful 5% clinical work.

4. More communication

There is a clear line between “outpatient” and “inpatient” medicine in most doctors’ minds, that is, healthcare delivered in a clinic, where a patient goes to an appointment and returns home, compared to a hospital, where a patient stays overnight. Patients don’t think in terms of “inpatient” and “outpatient.” A patient who wakes in the middle of the night with a fever and shortness of breath, or a patient with a growing breast lump, have concerns that needs to be addressed immediately by someone who actually cares. It sounds obvious, but I could not copy and paste this phrase too many times: by someone who actually cares. Not a voice menu, not a chatbot, not “Due to unusually high call volumes…,” and not a tired, under-paid clerk who is poorly equipped to do their job. A doctor has the knowledge to assess whether a problem is urgent or not urgent, concerning or likely harmless. It’s not fair or realistic to expect patients, lacking specialized knowledge, exposed to the vast informational waste littering cyberspace, biased by personal experience and anxiety about a health condition, to make those calls.

“Due to unusually high call volumes…” has become this year’s mantra. Nearly every call I attempt to place to an insurance company, hospital, or clinic is met with this phrase and indefinite wait times, now nine months since the start of the pandemic. Most negative feedback about doctors and hospitals relates to what goes on beyond the few minutes a doctor spends interacting directly with the patient: a medical assistant having a bad day, a disorganized clinic, the insurance labyrinth, bills…human concerns not being reciprocated by a human in a place to care and do something about it. Most of the time and energy spent by patients trying to get help for a health concern is burned in the friction of waiting on hold and clicking through websites to try and make appointments or navigate insurance and billing departments. Putting this burden on healthy people is absurd. This is a lot of life wasted by a lot of people. There needs to be a much less painful way to pick up the phone and route a health concern to someone with the expertise to address the concern. Putting this burden on someone who is sick and possibly dying is criminal.

5. Paying for healthcare

Healthcare is too expensive to fund primarily through private insurance. This is the clearest take-home point of the pandemic to me as a doctor and as a patient. I recently “downgraded” my health insurance because it is by far my biggest monthly expense after my mortgage. For the past year, I purchased expensive health insurance and hardly used it. Miss a payment, and insurance companies will not hesitate to end coverage as soon as the clock strikes twelve, as swiftly and thoughtlessly as a robot. I am fortunate enough to have a job. Many people do not and were already barely just getting by before the pandemic. We no longer have the luxury of deciding whether or not a single payer system is good for America. We are well past that point. Healthcare, especially now, can only be funded by a payer pool on a national level. In my view, healthcare is a human right. This is not a political issue to me. This is a human issue. Everyone should have access to at least a basic level of healthcare: when you have a health concern, you should be able to see a healthcare professional as quickly enough as the issue warrants, without breaking the bank, without bankrupting society.

I had the opportunity to work in German hospitals during my medical school international rotations. There is no such thing as uninsured in Germany, and many other countries with nationalized healthcare. Everyone can get urgent and non-urgent healthcare without going bankrupt. In my view, universal healthcare (and access to universally affordable education) is the foundation of a sound, healthy society. How much money one has in the bank should not delay access to healthcare. Those with the means to purchase private health insurance are free to do so, along with the benefits this might entail. The reality is that healthcare is expensive. Diagnostics and therapeutics – CT scans, MRIs, lab tests, prescription drugs – cost money to develop and deliver. We are all humans, and illness is inseparable from the human experience. Everyone will have contact with the healthcare system at some point in their life, and most Americans are born and die in hospitals. The sooner we accept this reality and have empathy for the suffering of others, the sooner we can make better decisions for how our healthcare system will look and function in the recovery period following the pandemic.

Omar Metwally, MD // 16 December 2020

omar@analog.earth

Posted on March 16, 2020March 16, 2020 by omarmetwally

Xin chào Việt Nam!

We’re walking through Hanoi’s Old Quarter on a warm spring day, dodging motorbikes on crowded streets, passing cafes and crowded curbside restaurants. The smells, sights and sounds of an endlessly lively Vietnam are constant companions. For miles in all directions, mom & pop t-shirt shops line the streets selling variations on common designs, many inspired by political satire. The shirts range from 60,000 VND (~3 USD) to about 10 USD, the final sale price depending on one’s skill in haggling, ability to establish rapport with the seller, and the extent of one’s Vietnamese. What’s original today will quickly be copied and re-copied until it becomes a jaded afterthought in the public domain.

A dragon lurks in the corner of my eye: black dragon on grey background, a striking image. The shop owner says he’s the only one selling it Hanoi, and after acquiring a new wardrobe during the course of my travels from Saigon to Hanoi, I have no reason to doubt him. Only – it’s a size too small, and I want two custom shirts made with black and red dragons on white background. He assures me he’ll have the shirts printed in just a few minutes, and indeed, 10 minutes later he sells them at a steep profit for $5 each, in time to greet the next group of visitors admiring the shirts hanging in the entrance.

Sleeping Dragon — Original design by Truong Thanh Duc

Two weeks in the Land of Smiles was a remarkable lesson in good humor, fine coffee, delicious cuisine, and business savvy. Haggling with Vietnamese merchants was endless fun, in large part because of the opportunities to get to know the beautiful families who greeted us with kindness and generosity.

Cà phê đên — The joy of Vietnamese coffee

One eye-opening take-home business lesson as it relates to my team’s work on a 3D-printed e-bike has been the value of 3D printing in quickly putting highly customized products in customers’ hands, the manufacturing industry’s equivalent of a custom-printed t-shirt or a handmade leather wallet. In a time of intense competition in global marketplaces, there is value in custom-made products, and there are those who appreciate their significance – in Vietnam, and in America.

Posted on November 19, 2018November 22, 2018 by omarmetwally

A stroll through Victory Mansions

Omar Metwally, MD
Analog Labs
19 November 2018

It was a bright cold day in April, and the clocks were striking thirteen. Winston Smith, his chin nuzzled into his breast in an effort to escape the vile wind, slipped quickly through the glass doors of Victory Mansions, though not quickly enough to prevent a swirl of gritty dust from entering along with him.

Opening paragraph of George Orwell's Nineteen Eighty-Four. 
306 characters, including spaces.

I did some back-of-the-napkin math to calculate how much it would cost today to upload George Orwell’s novel Ninteen Eighty-Four to the Ethereum blockchain.

To upload the opening paragraph using this Ethereum contract (there are much more efficient ways to accomplish this using Solidity), the transaction would cost 290697 gas under current network conditions. If the entire 576,789-character novel were uploaded in the same manner, it would cost 576789 * 290697 / 306 = 54743895.20588 gas. Gas is currently about 2.2 * 10^9 wei [1].

(54743895.20588 gas) * (2.2 * 10^9 wei / 1 gas) * (1 Ether / 10^18 wei) = 1.2 Ether.

The carat symbol (X^Y) here indicates “X to the power of Y”.

In this manner, Orwell’s Ninteen Eighty-Four would cost 1.2 Ether to upload to the Ethereum blockchain, where it would be permanently and publicly available, served by more than 10,000 nodes.

If Ether were regarded in terms of its utility rather than as a speculative or financial instrument, there would likely be much less price lability, assuming society’s utility for a technology in general changes at a much slower rate than a market’s enthusiasm for securities and commodities. For instance, the cost of electricity in the residential setting varied from an average of 11.26 cents per kWh in 2008 to 12.89 cents per kWh from 2007 to 2017 [2]. Contrast this with the cost of Ether ranging from less than $1 in 2015 to more than $1,400 in early 2018.

How much does Ether really cost? A dollar? $100? $1000?

One way to begin answering this question is to study current market rates of cloud hosting services [3, 4]. Google offers a 2TB standard storage tier at $0.000274 per hour, and Amazon’s standard EC2 instances can range from $94 to $2,367 annually. A direct comparison with the cost of uploading Orwell’s novel is inaccurate because:

Information uploaded to the blockchain is permanent as long as a majority of nodes continue perpetuating the blockchain. Cloud hosting contracts are only as permanent as a recurring credit card payment, a company’s existence, and its willingness to serve data.
Google and Amazon cloud instance capacity is much larger than the 590kb size of Nineteen Eighty-Four as a text file.
Cloud hosting companies charge for bandwidth, whereas there are no blockchain transaction costs associated with downloading blockchain data
Conversely, running blockchain clients consumes a lot of bandwidth
A large, distributed network’s downtime is virtually zero and is theoretically much more resistant to hacking

I offer file storage as an imperfect thought experiment because a significant part of what consumers pay for when purchasing a smart phone is the ability to store large amounts of media, access and share these data. This thought experiment is only a starting point to answering the question of how much one Ether actually costs.

It took decades for the internet’s value to manifest, which today often takes the form of profiling users and using this information to sell digital ads. As one of my academically-minded siblings keenly points out, however, one important difference between the origins of the internet as we know it today and blockchain networks whose tokens are traded on exchanges is that the internet was built in a more farsighted manner without the objective of making money for speculators. ARAPANET, the precursor to the modern internet, initially ran on four Interface Message Processors (IMPs) at UC Santa Barbara, Stanford, the University of Utah, and UC Los Angles [5]. Of course, the internet has changed dramatically since its early years, and technology in general is constantly evolving under the pressures of regulation and free markets.

Crypto markets poisoned blockchain research by muddling networking protocols and stake in open source projects with financial speculation. On one hand, capital is an important element of many large endeavors. On the other hand, skyrocketing prices and price lability can breed greed, resentment, and hinder the ability of programmers, consumers, and researchers to actually use networking protocols. The lower the price of crypto, the cheaper the transactions on the network and the more accessible the protocol is to the average consumer.

So how much does Ether really cost? A dollar? $100? $1000?

One step toward answering this complicated question is to ask: how much would you pay to perpetually host George Orwell’s Nineteen Eighty-Four (or another 590kb text file or image)?

	aggrieved customer on Beware ViaSat. Beware the…
	Brenda McElroy on Beware ViaSat. Beware the…
	Aaron Noparstak on Healthcare on the Ethereum…
	omarmetwally on How to create a private Ethere…
	martin on How to create a private Ethere…